Latest InfoSec Threat Research & News

Latest News

Firefox update 18 gets an update, but no security problems this time

Jan 20, 2013 - Firefox's version 18 gets an update to 18.0.1. The new point release mops up three (continue reading...)
Java hacker boasts of finding two more unpatched holes

Jan 20, 2013 - Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again. The Polish researcher is publicly (continue reading...)
Indian two-factor authentication fraudsters busted by Delhi cops

Jan 19, 2013 - Two more alleged cybercrooks are cooling their heels in custody this weekend. The modern-day bank (continue reading...)
2012: #yearinreview, Part 3

Jan 19, 2013 - Part 3 of our 2012: #yearinreview — October to December.October 3, 2012It won't be long (continue reading...)
The Forrester Wave + Software Updater

Jan 19, 2013 - Our Corporate Security Business team has been making a lot of smart decisions lately (or (continue reading...)
Fix it: Internet Explorer 8 Vulnerability

Jan 19, 2013 - As mentioned in our previous post, there's an Internet Explorer (zero-day) remote code execution vulnerability (continue reading...)
Obit: Aaron Swartz

Jan 19, 2013 - Unfortunately, I didn't know much about Aaron Swartz until after his death.Of the things that (continue reading...)
Cool Exploit Kit is Related to Blackhole

Jan 19, 2013 - Two months ago, Karmina and Timo wrote about clear similarities between the Cool and Blackhole (continue reading...)
F-Secure Antivirus Research Weblog 2013-01-19 10:53:46

Jan 19, 2013 - Microsoft is releasing an out of cycle security update for users of Internet Explorer 6-8.According (continue reading...)
On the Topic of AV Being Useless

Jan 19, 2013 - I have lately been following and participating in discussions as to whether or not antivirus (continue reading...)

Featured

How to Set (and Keep) Your Web Security Goals for 2013

Jan 10, 2013 - Can you believe it’s time again for those New Year’s resolutions? It’s always great to start the New Year with a fresh set of to-do items that you’re finally going to get around to doing. The problem, however, is that ... The post How to Set (and Keep) Your Web Security Goals for 2013 appeared first on Acunetix.

Read full story

More Featured News

WordPress Pingback Vulnerability

Dec 17, 2012 - Recently somebody posted on Reddit about a WordPress scanner that is taking advantage of a new WordPress vulnerability. The vulnerability is abusing the Pingback system, which is a well-known feature (continue reading...)
Finding Web Flaws is not Point and Click

Dec 07, 2012 - Successful web security testing is not as simple as point and click. Unfortunately, many people treat it as such. The thought process goes something like this: 1. Load web vulnerability (continue reading...)
The Email that Hacks You

Nov 27, 2012 - Update: Seems to be working on TP-Link Routers as well (tested on TL-WR841N). Update2: Arcor EasyBox A600 also seems vulnerable. Opening a legitimate looking email on an iPhone, iPad or Mac while (continue reading...)
Do You Scan with Network Security Controls Enabled or Disabled?

Jun 21, 2012 - As application security professionals, we want to get as much as possible out of our security assessments. We’re not only expected to but we’re proud of our work and want (continue reading...)

Browse our Featured collection

More News

Microsoft

Microsoft, Oracle Release Security Fixes for Zero-Day Exploits

Microsoft has recently released a patch to address the zero-day exploit affecting certain versions of Internet Explorer. The said exploit was found to be hosted on the compromised Council on Foreign Relations website. When (continue reading...)

Internet Explorer 0-day bulletin – Update

Update: MS13-008 is live for download. Due to the availability of exploits treat with the highest priority and install as quickly as possible. Please note that this (continue reading...)

January 2013 Patch Tuesday

The first Patch Tuesday of 2013 started with a relatively normal rhythm. We are getting seven bulletins, with two bulletins considered "critical" and five bulletins "important." (continue reading...)

January 2013 Patch Tuesday Preview

Microsoft just published the Advanced Notification for the first Patch Tuesday of 2013. We will be looking at seven Bulletins, two rated "critical" and the (continue reading...)

Serious Internet Explorer vulnerability discovered

A flaw in Microsoft’s Internet Explorer (IE) 6, 7 and 8 could allow hackers to take control of a Windows-based computer if (continue reading...)

December 2012 Patch Tuesday

Today is the last Patch Tuesday of 2012. Its seven bulletins bring the total count for the year to 83, significantly down from last year's 100 (continue reading...)

Symantec Security Response

W32.Shadesrat (Blackshades) Author Arrested?

In a global sting operation carried out by the FBI, over 24 people have been arrested, including an individual named Michael Hogue, a.k.a. "xVisceral". According to an underground forum post, xVisceral is involved in the (continue reading...)

Obfuscating Embedded Malware on Android

The evolution of Android malware has made incontestable progress in the last few years and it often follows in the footsteps of PC-based malware, except that it happens at an accelerated pace. Often, malicious apps gain (continue reading...)

DDoS Attacks: The Zemra Bot

Symantec has become aware of a new Distributed Denial of Service (DDoS) crimeware bot known as "Zemra" and detected by Symantec as Backdoor.Zemra. Lately, this threat has been observed performing denial-of-service attacks against organizations (continue reading...)

Think About Your Career and the Outcome!

Last week I was jolted with a mail that says: My first reaction was: "Did I ever interview or converse with any such person? Then why (continue reading...)

Blackhole Exploit Kit Gets an Upgrade: Pseudo-random Domains

The Blackhole exploit kit has been extensively covered by Symantec for some time. As a brief reminder, like other exploit kits such as Phoenix, people using Blackhole compromise a legitimate site, inserting malicious (continue reading...)

Ecardgrabber: Android App Sniffing Contactless Credit Card Details over the Air

A security researcher from Germany released an Android application on Google Play that can obtain contactless credit card data over the air for a limited set of cards. Contactless credit cards can typically be used (continue reading...)

TrendMicro

2013 Security Predictions: What Should Small and Medium Businesses (SMB) Look Out For?

In 2012 small businesses globally were making the shift towards cloud-based applications and smart mobile devices, impacting the way they do business. These trends towards greater consumerization of IT and cloud adoption look likely to (continue reading...)

Latest News

Firefox update 18 gets an update, but no security problems this time

Java hacker boasts of finding two more unpatched holes

Indian two-factor authentication fraudsters busted by Delhi cops

2012: #yearinreview, Part 3

The Forrester Wave + Software Updater

Fix it: Internet Explorer 8 Vulnerability

Obit: Aaron Swartz

Cool Exploit Kit is Related to Blackhole

F-Secure Antivirus Research Weblog 2013-01-19 10:53:46

On the Topic of AV Being Useless

Featured

How to Set (and Keep) Your Web Security Goals for 2013

More Featured News

WordPress Pingback Vulnerability

Finding Web Flaws is not Point and Click

The Email that Hacks You

Do You Scan with Network Security Controls Enabled or Disabled?

More News

Microsoft

Microsoft, Oracle Release Security Fixes for Zero-Day Exploits

Internet Explorer 0-day bulletin – Update

January 2013 Patch Tuesday

January 2013 Patch Tuesday Preview

Serious Internet Explorer vulnerability discovered

December 2012 Patch Tuesday

Symantec Security Response

W32.Shadesrat (Blackshades) Author Arrested?

Obfuscating Embedded Malware on Android

DDoS Attacks: The Zemra Bot

Think About Your Career and the Outcome!

Blackhole Exploit Kit Gets an Upgrade: Pseudo-random Domains

Ecardgrabber: Android App Sniffing Contactless Credit Card Details over the Air

TrendMicro

2013 Security Predictions: What Should Small and Medium Businesses (SMB) Look Out For?

Hiding in Plain Sight: The FAKEM Remote Access Trojan

Malware Poses as an Update for Java 0-Day Fix

What Would Scammers Want With My Information?

Java Fix for Zero-Day Stirs Questions

Microsoft, Oracle Release Security Fixes for Zero-Day Exploits